#!/bin/bash

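# Builds a small PKI for mutual TLS: one CA (openssl) plus a server and a
# client JKS keystore whose certificates are signed by that CA, and one
# truststore per side that holds only the CA certificate.
#
# Overridable from the environment (defaults are the original fixed values):
#   SSL_DIR   - output directory; deleted and recreated on every run
#   KEYTOOL   - path to the JDK keytool binary
#   KEY_ALIAS - keystore alias, also used as certificate CN and DNS SAN
#   KEY_PASS  - password for the CA key, every keystore and every key entry

# Stop at the first failing step so later steps never run against a
# half-built keystore.
set -euo pipefail

# CA private key and keystores are written below; keep them owner-only.
umask 077

SSL_DIR="${SSL_DIR:-/home/default/Downloads/ssl}"
KEYTOOL="${KEYTOOL:-/home/edwin/WORKSPACE/TOOLS/jdk1.8.0_201/bin/keytool}"
KEY_ALIAS="${KEY_ALIAS:-webflux-ssl}"
# The fallback below is stored in this file, so anyone who can read the script
# knows it; set KEY_PASS in the environment for anything that is not a local
# test setup.
KEY_PASS="${KEY_PASS:-connectlife-2024}"
# Exported so keytool (-storepass:env / -keypass:env) and openssl (env:NAME)
# read the password from the environment instead of argv, where any local
# user could see it in the process list.
export KEY_PASS

# NOTE(review): the CA and both leaf certificates appear to get the same
# subject DN; consider a distinct CN for the CA so issuer and subject differ.
readonly DNAME="CN=${KEY_ALIAS},OU=cl,O=cl,L=qd,S=sd,C=cn"
readonly SUBJECT="/C=cn/ST=sd/L=qd/O=cl/OU=cl/CN=${KEY_ALIAS}"
readonly SAN="DNS:${KEY_ALIAS}"

# Sign a CSR with the CA.
# Arguments: $1 - CSR path, $2 - output certificate path, $3 - validity (days)
sign_csr() {
  local csr=$1 cert=$2 days=$3
  # The SAN given to keytool -genkey only lands in the self-signed
  # certificate: keytool -certreq is not passed -ext, and openssl x509 -req
  # does not copy CSR extensions by default. -extfile puts the SAN into the
  # CA-signed certificate, which is the one peers actually verify.
  openssl x509 -req \
    -CA "${SSL_DIR}/root/ca-cert" -CAkey "${SSL_DIR}/root/ca-key" \
    -CAcreateserial \
    -in "$csr" -out "$cert" -days "$days" \
    -extfile <(printf 'subjectAltName=%s\n' "$SAN") \
    -passin env:KEY_PASS
}

# Import a certificate file into a JKS keystore.
# keytool asks for confirmation before trusting the self-signed CA
# certificate; that prompt is kept.
# Arguments: $1 - keystore path, $2 - alias, $3 - certificate file
import_cert() {
  local keystore=$1 alias=$2 cert=$3
  "$KEYTOOL" -keystore "$keystore" -alias "$alias" -import -file "$cert" \
    -storepass:env KEY_PASS
}

# :? aborts instead of expanding to an empty path if SSL_DIR is ever blank.
rm -rf -- "${SSL_DIR:?}"
mkdir -p "${SSL_DIR}"/{root,server,client,trust}

# Server key pair (self-signed until the CA reply is imported below).
"$KEYTOOL" -keystore "${SSL_DIR}/server/server.keystore.jks" \
  -alias "$KEY_ALIAS" -validity 3650 -genkey -keyalg RSA \
  -dname "$DNAME" -ext "SAN=${SAN}" \
  -keypass:env KEY_PASS -storepass:env KEY_PASS

# Self-signed CA certificate and its passphrase-protected private key.
openssl req -new -x509 \
  -keyout "${SSL_DIR}/root/ca-key" -out "${SSL_DIR}/root/ca-cert" \
  -days 3650 -passout env:KEY_PASS -subj "$SUBJECT"

# Truststores: each side trusts only the CA.
import_cert "${SSL_DIR}/trust/client.truststore.jks" CARoot "${SSL_DIR}/root/ca-cert"
import_cert "${SSL_DIR}/trust/server.truststore.jks" CARoot "${SSL_DIR}/root/ca-cert"

# Server certificate: CSR -> CA signature (365 days, as before) -> import the
# CA first so keytool can build the chain for the signed reply.
"$KEYTOOL" -keystore "${SSL_DIR}/server/server.keystore.jks" \
  -alias "$KEY_ALIAS" -certreq -file "${SSL_DIR}/server/server.cert-file" \
  -storepass:env KEY_PASS
sign_csr "${SSL_DIR}/server/server.cert-file" "${SSL_DIR}/server/server.cert-signed" 365
import_cert "${SSL_DIR}/server/server.keystore.jks" CARoot "${SSL_DIR}/root/ca-cert"
import_cert "${SSL_DIR}/server/server.keystore.jks" "$KEY_ALIAS" "${SSL_DIR}/server/server.cert-signed"

# Client key pair. -keyalg RSA is now explicit so the client key matches the
# server's; without it the key type is whatever this keytool defaults to.
"$KEYTOOL" -keystore "${SSL_DIR}/client/client.keystore.jks" \
  -alias "$KEY_ALIAS" -validity 3650 -genkey -keyalg RSA \
  -dname "$DNAME" -ext "SAN=${SAN}" \
  -keypass:env KEY_PASS -storepass:env KEY_PASS

# Client certificate: same CSR -> sign -> import sequence (3650 days, as before).
# The original passed "--storepass" here; every other call uses the
# single-dash form, so this one now does too.
"$KEYTOOL" -keystore "${SSL_DIR}/client/client.keystore.jks" \
  -alias "$KEY_ALIAS" -certreq -file "${SSL_DIR}/client/client.cert-file" \
  -storepass:env KEY_PASS
sign_csr "${SSL_DIR}/client/client.cert-file" "${SSL_DIR}/client/client.cert-signed" 3650
import_cert "${SSL_DIR}/client/client.keystore.jks" CARoot "${SSL_DIR}/root/ca-cert"
import_cert "${SSL_DIR}/client/client.keystore.jks" "$KEY_ALIAS" "${SSL_DIR}/client/client.cert-signed"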
#################
